JOB DESCRIPTION
Are you ready to make an impact at DTCC
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact you will have in this role:
We are seeking a Junior Vault Infrastructure Engineer to join our team supporting HashiCorp Vault deployments on OpenShift/Kubernetes platforms. This role involves maintaining secure secrets management infrastructure, automation, and providing L1/L2 support including weekend coverage..
Key Responsibilities
- OpenShift Role Onboarding: Create Kubernetes authentication roles, bind service accounts to namespaces, configure RBAC policies
- AWS IAM Role Onboarding: Configure AWS authentication methods, bind IAM principals to Vault roles, manage cross-account access
- AppRole Authentication: Create and manage AppRole authentication for applications, generate role-id/secret-id pairs, configure token policies
- Custom Policy & Folder Management: Execute custom Python scripts to auto-generate policies based on application requirements, create KV folder structures, manage path-based access controls
- Database Role Configuration: Set up dynamic database credentials, configure connection strings, manage user rotation policies
- LDAP Integration: Onboard Active Directory groups, configure group mappings, manage service account rotations
- Secret Engine Management: Configure and maintain KV, database, and LDAP secret engines across multiple namespaces
- Code Development & Management
- GitLab/Bitbucket Repository Management: Maintain automation scripts, Terraform configurations, and Jenkins pipelines in version control
- Code Review Process: Participate in merge request reviews, ensure code quality standards, implement feedback
- Branch Management: Work with feature branches, manage releases, coordinate code deployments
- Documentation: Maintain README files, code comments, and technical documentation in repositories
- CI/CD Pipeline Development: Create and maintain GitLab CI/Bitbucket Pipelines for automated testing and deployment
- L1/L2 Support
- Respond to incidents and service requests during business hours and weekends
- Troubleshoot authentication failures (Kubernetes, AWS IAM, AppRole, LDAP)
- Resolve secret access and policy permission issues
- Execute standard operating procedures for common onboarding failures
- Maintain incident documentation and post-mortem reports
- Coordinate with application teams for integration issues.
Talents Needed for Success:
Key Responsibilities
Primary Technologies and Tools
- HashiCorp Vault: Authentication methods (LDAP, Kubernetes, AWS IAM, AppRole), secret engines (KV, database, LDAP), policies, namespaces, snapshot management
- OpenShift/Kubernetes: Pod management, service accounts, RBAC, operators (Vault Secrets Operator), networking, storage, troubleshooting
- AWS: IAM roles/policies, S3, RDS, VPC endpoints, credential management, basic networking
- Python: Scripting, API integration, automation, error handling, subprocess management
- Infrastructure as Code: Terraform, YAML/JSON configuration
- CI/CD: Jenkins pipelines, Git workflows, automated deployments
- Version Control & Code Management: GitLab and Bitbucket for code repositories, branching strategies, merge requests, code reviews, CI/CD pipeline integration
ABOUT THE TEAM
IT Risk and Data Services department seeks to meet our clients needs by capitalizing on the progress made in both the Risk Technology Program and the Data Analytics work and driving adoption of these capabilities across the enterprise. Important initiatives like the Modernization and Resiliency Programs count on these foundational capabilities to succeed.
